Apple Support Communities > Servers and Enterprise Software > Mac OS X Server v10.4 and earlier > Discussions
This discussion is archived
7323 Views 33 Replies Latest reply: May 3, 2007 3:31 AM by tobias Eichner
Currently Being ModeratedApr 21, 2007 12:39 AM (in response to R Bryan Harrison)Hi
I have other problems, (http://discussions.apple.com/thread.jspa?threadID=933299&tstart=0 ) and I just tested, and I also have the same problems you are having (on 2 different servers)
So far, I can see, that the /system/library/launchdaemon/ftp.plist has changed from using the program xftpd to using the program ftpd.
I tried yesterday to change the plist and i seemed ok, but the new one (ftpd) was quicker so i reverted. BUT with your discoveries will make me change the plist file back to pre 2007-004 security update.
Or, perhaps make all the config files as ftpd expects to find ind the /etc/ lib. (try man ftpd)
This is my pre 2007-004 security update ftp.plist:
# cat pre.2007-004.ftp.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
The biggest disaster is, that Apple wrote, that the change on the lukemftpd -> tnftpd wasn't an issue on OS X Server (perhaps they meant something other, that what I understood)
Currently Being ModeratedApr 21, 2007 12:39 AM (in response to R Bryan Harrison)The security update caused this behavior on MacOS X Server. I have 7 servers that run FTP services for various reasons and they are all affected. I have had to shut off FTP until I can figure out a fix. With hope Apple comes out with a fix in short order.MacBook Pro 15", Mac OS X (10.4.9)
Currently Being ModeratedApr 21, 2007 1:02 AM (in response to Joakim Hartmann-Petersen)I have changed to the old plist. ACL (se my originale thread) works and you can't cd / (well, you can, but you get what you expect - the root of your home)
I think everything is back by that change. I will however revert back just before the next update, to see, if Apple has made the error right again.
One thing I'm missing now: the logging to the ftp.log file. The new tnftpd could log login/transfer etc. to ftp.log, but the pre sec.upd. can't.
Currently Being ModeratedApr 21, 2007 1:53 AM (in response to Joakim Hartmann-Petersen)Changing the ftp.plist file is a great solution. Thanks for that. I was already trying to create a ftpd.conf file in /etc to get ftpd working correctly. However, I wasn't having any immediate success. In any case, it seems like it was an oversight by Apple to only create one security update for both OS X 10.4.9 client and server. They are not equal. I hope nothing else was taken under as well.MacBook Pro 15", Mac OS X (10.4.9)
Currently Being ModeratedApr 21, 2007 4:34 PM (in response to Joakim Hartmann-Petersen)Thanks, you're a lifesaver. I've been wrestling for the past couple of hours with this issue. I was migrating from Server 10.3.9 to Server 10.4.x, and I applied all the updates to get it to 10.4.9 before I noticed the FTP issue.
I thought it was just me. Fortunately I have more than one 10.4.x server handy; the other two are running 10.4.8.
Now that I think about it though, this is the second time to my knowledge that Apple has broken FTP. The last time was back in the 10.2 days, and it broke file sharing via FTP on 10.2.x client computers.
Anyway, thanks a bunch for posting that message. I've adjusted the ftp.plist to use xftp again, and all is well.
Lots of Macs
Currently Being ModeratedApr 21, 2007 5:30 PM (in response to Joakim Hartmann-Petersen)That's great - I can't thank you enough.
I wish I fully understood both the problem and the fix, but until I have to time study and work it out, I'm very happy with the band-aid.
-BryanG5 DP 2.5 ghz, etc., Mac OS X (10.4.9), OS X Server 10.4.9
Currently Being ModeratedApr 22, 2007 3:57 PM (in response to Zach Marano)I don't consider editing the plist file a RESOLUTION of this topic.
- For one, while it does solve the root access problem, it still does not get users back into their Home Directory only. The Server Admin settings are still ignored.
Apple, me and my 150 paying web hosting customers are hoping you fix this soon.
Hermosawave InternetXserve and G4s with Tiger Server, PBs, minis..., Mac OS X (10.4.9), Tiger and Panther Server
Currently Being ModeratedApr 22, 2007 6:17 PM (in response to R Bryan Harrison)Yes, this is a disaster. All the share points listed are poof gone. I can only suggest SFTP to folks now since this functionality is busted, which is NOT good.
I would have expected an update to the Admin Tool for the server side if they were making such a drastic change.
Personally, I'm seeing, that I will now despise the iPhone due to what it's done to QA resources for OS X. This I think is the result. (great and an October release of Leopard.. psssh)
Anyhow, I have yet to try the PLIST fix, but I think trolling through the man page for the new FTP server to fix this issue. I'll keep you all posted.G5, Mac OS X (10.4.9)
Yeah, there isn't a "resolution" here.
I think we're looking for why the ftpd is not accessing and utilizing files found here:
ftpaccess is one of the big ones, since this is what defines what a major bit of the functionality of the ftpd server will follow, including permissions.
According to the tnftpd man page, it's looking for this:
/etc/ftpchroot List of normal users whose root directory should be
changed via chroot(2).
/etc/ftpd.conf Configure file conversions and other settings.
/etc/ftpusers List of unwelcome/restricted users.
/etc/ftpwelcome Welcome notice before login.
/etc/motd Welcome notice after login.
/etc/nologin If it exists, displayed and access is refused.
State file of logged-in processes for the tnftpd class
/var/run/utmp List of logged-in users on the system.
/var/log/wtmp Login history database.
None of which exist after the update. Apple, what hath though wrought?G5, Mac OS X (10.4.9)
Currently Being ModeratedApr 22, 2007 9:55 PM (in response to Daniel Sofer)While we can debate the semantics of the word "resolved" (and I agree Apple has resolved nothing), I do want to note one more time that with Joakim's backup "ftp.plist" and some fussing, I've been able to restore all the previous functionality of my configuration, including appropriate access to home directories and sharepoints.
The solutions I've found are inelegant enough to make me wince, but I'll describe them in detail if anyone cares. Of course, Server Admin's interface to WuFTP makes me wince as well - it's nearly as bad as its godawful DNS interface. And as so many people have noted over the years, WuFTP itself is a bit of a dog.
This particular mess is certainly infuriating, but given Apple's stated priorities with regard to the iPhone and OS X, I'll be pleasantly surprised if we see a fix anytime soon. In the meantime, I'm grateful for everyone's help as I have neither the time nor the inclination to replace WuFTP with a more elegant solution right now.
In general, I find OS X Server's evolution toward something that might actually live up to its hype to be extremely slow, it's documentation to be so shallow as to be useless, and both the rate at which bugs are fixed and the frequency with which updates introduce new ones to be unfortunate... At best, it's always struck me as an adequate implementation of a great idea. I've been using it since its initial release, and have always though it a real shame Apple doesn't assign it enough resources for it to fulfill its potential.
I often feel vaguely as though I'm having a long-term affair with a sweet, beautiful drunk. (Of course when I consider the alternatives, I have to concede that it's better than the norm, which seems more like being involved with plug-ugly violent drunk.)
-BryanG5 DP 2.5 ghz, etc., Mac OS X (10.4.9), OS X Server 10.4.9
Currently Being ModeratedApr 22, 2007 10:04 PM (in response to Daniel Sofer)Well, It works here. Did you just change the program name??
or did you revert to the original ftp.plist. (hint: there is more changes than just the name)
I have just tried changing the SA->FTP-> Advanced and tried all 3 options.
FTP root and share points: FTP user started ind home dir. CD/ gave shares (FTP root is below one of the shares)
Home Dir With Shares: FTP Users started in home dir. CD / still gave home dir and There was the link to FTPRoot where my shares was.
Home Dir only: Ftp user started in home dir and there was a FTPRoot link but it didnt point anywhere (was left over from the previous test)
I cant see, whats missing.
Currently Being ModeratedApr 23, 2007 8:57 AM (in response to Joakim Hartmann-Petersen)Jokaim, Bryan:
Thanks for the responses.
I replaced my ftp.plist with yours and now the ftp won't start from the Server Admin, yet an ftp service is running.
I'll take another look soon.
DanielXserve and G4s with Tiger Server, PBs, minis..., Mac OS X (10.4.9)
Currently Being ModeratedApr 23, 2007 11:03 AM (in response to Joakim Hartmann-Petersen)Hi Joakim:
Yes after I restarted, the mystery ftp server disappeared
After poking around with many iterations of the plist file, I was able to get the FTP server working properly again.
I think my problems were:
-- Copying your plist from the discussions page and pasting directly into the terminal -- when I pasted into BBEdit first , removed your comment line, reflowed and saved, and then pasted into terminal>pico -- it was happier.
-- Trying to start the server with the Server Admin instead of rebooting the entire server.
Okay, I can exhale now! Thanks for your help.
Hermosawave InternetXserve and G4s with Tiger Server, PBs, minis..., Mac OS X (10.4.9)